I’ve got two 2.4.28 boxes and I’m trying to get two-way multimaster replication set up – first for cn=config, and then for the entire tree.

I can attach more of config.ldif if needed, but here are what I think are the relevant snippets:

The first thing that leaps out is, of course, that the certificate is for ds.clarku.edu and the hosts are called animal.clarku.edu and zoot.clarku.edu; that’s needed because I intend to round-robin those two hosts. I have TLS_REQCERT never in ldap.conf on each machine and I can do a successful “ldapsearch -H ldaps://animal.clarku.edu -x -D "cn=config" -W -b cn=config” from each machine to the other.